Amendments In the Claims 



PATENT 



Please add claim claims 93 and 94. 
1-31. Canceled. 

32. (Previously Presented) A method of processing a packet comprising: 
configuring a plurality of access control specifiers in an access control element 

according to a priority of a type of each access control specifier, wherein 

the type of an access control specifier corresponds to information in an 
access control entry; 
matching one or more characteristics of said packet with one or more of the 

access control specifiers; 
selecting a match corresponding to an access control specifier with a highest 

associated priority; and 
processing said packet based on said selecting. 

33. (Previously Presented) The method of claim 32, wherein said access 
control element is a content addressable memory. 

34. (Previously Presented) The method of claim 32, wherein said matching 
and said processing is done in parallel. 

35. (Previously Presented) The method of claim 32, wherein said 
characteristics of said packet comprises one or more of a source address, a destination 
address, a source port, a destination port, a protocol type, an input interface and an output 
interface. 

36. (Previously Presented) The method of claim 32, wherein said 
characteristics of said packet comprises data carried by said packet in a packet header. 

37. (Previously Presented) The method of claim 32, further comprising: 
receiving said packet. 
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38. (Previously Presented) The method of claim 32, further comprising: 
identifying one or more of said access control specifiers based on said matching. 

39. (Previously Presented) The method of claim 38, further comprising: 
prioritizing said one or more of said access control specifiers identified based on 

said matching to generate a set of prioritized access control specifiers. 

40. (Previously Presented) The method of claim 39, wherein said prioritizing 
is done in parallel by a priority encoder. 

41. (Previously Presented) The method of claim 39, wherein said prioritizing 
is done based on an address of said access control specifiers in said access control 
element. 

42. (Previously Presented) The method of claim 39, wherein said processing 
is done based on said set of prioritized access control specifiers. 

43. (Previously Presented) The method of claim 32, wherein said processing 
further comprising: 

if said packet requires processing by a higher-level processor, 
forwarding said packet to said higher-level processor. 

44. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires dropping, 

dropping said packet. 

45. (Previously Presented) The method of claim 32, further comprising: 
if said packet requires forwarding, 

forwarding said packet. 

46. (Previously Presented) A system for processing a packet comprising: 
one or more access control specifiers, wherein 

said one or more access control specifiers are of one or more types of 
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access control specifiers, and 
said one or more types of access control specifiers being related to 
information in an access control entry; 
an access control element, wherein 

said access control element is configured to 

store said one or more access control specifiers according to a 
priority of the type of each access control specifier, and 
match one or more characteristics of said packet with one or more 
access control specifiers; and 
a priority encoder coupled to said access control element, wherein 
said priority encoder is configured to 

select a highest priority match based on the priority of the types of 
access control specifiers. 

47. (Previously Presented) The system of claim 46, wherein said priority 
encoder is further configured to 

prioritize said one or more access control specifiers according to an address of 
said one or more access control specifiers in said access control element. 

48. (Previously Presented) The system of claim 46, further comprising: 

a compare unit coupled to said access control element, wherein said compare unit 
is configured to compare said one or more characteristics of said packet 
with one or more values. 

49. (Previously Presented) The system of claim 48, wherein said one or more 
values are predetermined. 

50. (Previously Presented) The system of claim 48, wherein said one or more 
values are dynamically determined. 
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5 1 . (Previously Presented) The system of claim 48, wherein said compare 
unit is further configured to 

perform arithmetic operation on data carried by said packet in a packet header. 

52. (Previously Presented) The system of claim 48, wherein said compare 
unit is further configured to 

perform logical operation on said data carried by said packet in said packet 
header. 

53. (Previously Presented) The system of claim 46, wherein said access 
control element further comprising: 

an access control memory. 

54. (Previously Presented) The system of claim 53, wherein said access 
control memory is a content-addressable memory. 

55. (Previously Presented) The method of claim 53, wherein said access 
control memory stores at least one of said access control specifier. 

56. (Previously Presented) The system of claim 53, wherein said access 
control specifier further comprising: 

a label match mask configured to determine whether a first corresponding bit of 
said one or more characteristics of said packet is tested; and 

a label match pattern, wherein said label match pattern is compared with a second 
corresponding bit of said one or more characteristics of said packet. 

57. (Previously Presented) The system of claim 46, further comprising: 

a processor, coupled to said access control element, said processor is configured 
to process said packet when said packet is not processed by said access 
control element. 
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58. (Previously Presented) The system of claim 46, further comprising: 

at least one input port coupled to said access control element, wherein said input 

port is configured to receive said packet; and 
at least one output port coupled to said access control element, wherein said 

packet is forwarded via said output port. 

59. (Previously Presented) A system for processing a packet comprising: 
means for configuring a plurality of access control specifiers in an access control 

element according to a priority of a type of each access control specifier, 
wherein 

the type of an access control specifier corresponds to information in an 
access control entry; 

means for matching one or more characteristics of said packet with one or more of 
the access control specifiers; 

means for selecting a match corresponding to an access control specifier 
with a highest associated priority; and 
means for processing said packet based on said matching. 

60. (Previously Presented) The system of claim 59, wherein said access 
control element is a content addressable memory. 

61. (Previously Presented) The system of claim 59, wherein said matching 
and said processing is done in parallel. 

62. (Previously Presented) The system of claim 59, wherein said 
characteristics of said packet comprises one or more of a source address, a destination 
address, a source port, a destination port, a protocol type, an input interface and an output 
interface. 

63. (Previously Presented) The system of claim 59, wherein said 
characteristics of said packet comprises data carried by said packet in a packet header. 
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64. (Previously Presented) The system of claim 59, further comprising: 
means for receiving said packet. 

65. (Previously Presented) The system of claim 59, further comprising: 
means for identifying one or more of said access control specifiers based on said 

matching. 



66. (Previously Presented) The system of claim 65, further comprising: 
means for prioritizing said one or more of said access control specifiers identified 

based on said matching to generate a set of prioritized access control 
specifiers. 

67. (Previously Presented) The system of claim 66, wherein said prioritizing 
is done in parallel by a priority encoder. 

68. (Previously Presented) The system of claim 66, wherein said prioritizing 
is done based on an address of said access control specifiers in said access control 
element. 

69. (Previously Presented) The system of claim 66, wherein said processing is 
done based on said set of prioritized access control specifiers. 

70. (Previously Presented) The system of claim 59, wherein said processing 
further comprising: 

means for forwarding said packet to said higher-level processor if said packet 
requires processing by a higher-level processor. 

71 . (Previously Presented) The system of claim 59, further comprising: 
means for dropping said packet if said packet requires dropping. 

72. (Previously Presented) The system of claim 59, further comprising: 
means for forwarding said packet if said packet requires forwarding. 
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73. (Previously Presented) A system comprising: 

means for maintaining a set of access control patterns in at least one associative 
memory; 

means for receiving a packet label responsible to a packet, said packet label being 
sufficient to perform access control processing for said packet; 

means for matching matchable information, said matchable information being 
responsive to said packet label, with said set of access control patterns in 
parallel; 

means for generating a set of matches in response thereto, each said match having 

priority information associated therewith; 
means for selecting at least one of said matches in response to said priority 

information, and generating an access result in response to said at least 

one selected match; and 
means for making a routing decision in response to said access result. 

74. (Previously Presented) The system of claim 73 further comprising: 
means for choosing a first one of said matches. 

75. (Previously Presented) The system of claim 73, further comprising: 
means for determining an output interface for said packet. 

76. (Previously Presented) The system of claim 73, further comprising: 
means for implementing a quality of service policy. 

77. (Previously Presented) The system of claim 73, further comprising: 
means for permitting or denying access for said packet. 

78. (Previously Presented) The system of claim 73, further comprising: 
means for making a preliminary routing decision for said packet. 

79. (Previously Presented) The method of claim 73, further comprising: 
means for determining at least one output interface for said packet. 
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80. (Previously Presented) The system of claim 73, further comprising: 
means for preprocessing said packet label; and 

means for generating said matchable information. 

8 1 . (Previously Presented) The system of claim 79, further comprising: 
means for performing one or more of an arithmetic, logical, and comparison 

operation on said packet label; and 
means for generating a bit string for said matchable information in response to 
said arithmetic, logical, and comparison operation. 

82. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a field of said packet label with an arithmetic range or mask 

value. 

83. (Previously Presented) The system of claim 73, further comprising: 
means for comparing a source IP port value or a destination IP port value with a 

selected port value. 

84. (Previously Presented) The system of claim 73, further comprising: 
means for postprocessing said selected match to generate said access result. 

85. (Previously Presented) The system of claim 73, further comprising: 
means for accessing a memory in response to a bitstring included in said selected 

match. 

86. (Previously Presented) The system of claim 73, further comprising: 
means for declaring whether to permit or deny access of a set of packets. 
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87. (Previously Presented) The system of claim 73, further comprising: 
means for receiving a sequence of access control specifiers; 

means for translating said sequence of access control specifiers into a sequence of 

access control patterns; and 
means for storing said sequence of access control patterns in said associative 

memory. 

88. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 

89. (Previously Presented) The system of claim 73, further comprising: 
means for generating a single one of said access control patterns in response to a 

plurality of said access control specifiers. 

90. (Previously Presented) A method of processing a packet comprising: 
selecting an output interface to which to forward the packet; 
determining forwarding permission for the packet, wherein 

the determining comprises 

matching one or more characteristics of said packet with one or more 
access control specifiers in at least one access control element; 
processing said packet based on said forwarding permission; 
wherein, 

the selecting step is performed in parallel with the determining step. 

91 . (Previously Presented) The method of claim 32, wherein said one or more 
access control specifiers include a label match mask and a label match pattern. 

92. (Previously Presented) The system of claim 46, wherein said one or more 
access control specifiers include a label match mask and a label match pattern. 
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93. (New) The method of claim 32 further comprising: 
a plurality of types of access control specifiers, wherein 

each type of access control specifier corresponds to a respective packet 
field. 



94. (New) The system of claim 46 further comprising: 
a plurality of types of access control specifiers, wherein 

each type of access control specifier corresponds to a respective packet 
field. 
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